Now I want the user to be able to edit both their houses and their tenants' details, but I want to prevent them from trying to edit another user's houses and tenants by forging the user_id part of the URLs. So I create a before_filter like this:

It does the job, but I'm wondering if there is a more elegant way. Every time I add a new resource that needs protecting from user forgery, I'll have to keep adding conditionals. I don't think there will be many cases, but I would like to know a better approach if one exists.

# Destroy the session and send the user back to the login page.
def kill_session(message)
  @current_user_session.destroy
  flash[:error] = message
  redirect_to login_url()
end

# before_filter: reject requests whose URL ids do not belong to the logged-in user.
def prevent_user_acting_as_other_user
  # params values are strings, so compare the ids as strings
  if params[:user_id] and params[:user_id].to_s != @current_user.id.to_s
    kill_session("You don't have access to this page")
  elsif params[:house_id] and !@current_user.houses.exists?(params[:house_id])
    kill_session("You don't have access to this page")
  elsif params[:tenant_id] and !@current_user.tenants.exists?(params[:tenant_id])
    kill_session("You don't have access to this page")
  end
end
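
An added example, not part of the original post: one way to replace the growing `elsif` chain with a table of ownership checks, so that a new protected resource is one new entry. It runs as plain Ruby; `OwnedCollection`, `OwnershipGuard`, the symbol-keyed params hash and the sample ids are assumptions standing in for the ActiveRecord associations (`@current_user.houses`, `@current_user.tenants`) and Rails `params`.

```ruby
require "set"

# Stand-in for an association scoped to one user (assumption: in Rails this
# would be current_user.houses / current_user.tenants).
class OwnedCollection
  def initialize(ids)
    @ids = ids.to_set
  end

  def exists?(id)
    @ids.include?(id)
  end
end

User = Struct.new(:id, :houses, :tenants)

# Hypothetical guard: each route parameter maps to one ownership check.
class OwnershipGuard
  CHECKS = {
    user_id:   ->(user, id) { user.id == id },
    house_id:  ->(user, id) { user.houses.exists?(id) },
    tenant_id: ->(user, id) { user.tenants.exists?(id) }
  }.freeze

  def initialize(user)
    @user = user
  end

  # Returns the first parameter key that fails its check, or nil if all pass.
  def violation(params)
    CHECKS.each do |key, check|
      next unless params.key?(key)
      # Params arrive as strings; parse strictly so "100abc" is rejected
      # instead of being coerced to 100, and arrays or blanks fail closed.
      id = Integer(params[key].to_s, 10, exception: false)
      return key unless id && check.call(@user, id)
    end
    nil
  end
end

# Constructed sample data: user 1 owns houses 10 and 11 and tenant 100.
ALICE = User.new(1, OwnedCollection.new([10, 11]), OwnedCollection.new([100]))
GUARD = OwnershipGuard.new(ALICE)
```

In a filter, a non-nil result from `violation` is the point at which the post's `kill_session` would be called.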